FreeBSD quick news and links (04/08/2010)

Dru Lavigne has joined the PC-BSD team this month. The first thing she did, was setting up another blog: the PC-BSD Blog. She already posts BSD related posts on it.toolbox.com: A year in the life of a BSD guru.

As for the goal for AboutBSD, I want to turn it into a planet website that aggregates how BSD system admins use BSD. So that new users or system admins can learn that BSD is flexible, powerful, and provides all the freedom one needs to deploy services on BSD.

I would have no hesitation in recommending PC-BSD for desktop use. It has definitely been the best install experience for a desktop system I have had. It seems exactly tailored for someone like me, a developer in an office where we have tried to be operating-system-neutral as much as possible: most of our programmers do run PCs but we have weaned ourselves off any PC-only applications long ago (apart from specialist applications). As I mentioned in the previous blog, it is a smooth and pretty OS, and feels solid.

As announced before, ZFS v15 was successfuly imported into FreeBSD! For a time there was an option of importing just v15 or proceeding directly to v16 but the community has decided to first import the older version for reasons of stability and compatibility with Solaris 10 Update 8. (via)

Millions of home routers at risk.

According to new research delivered today here at the Black Hat security conference, millions of home routers may have a serious security flaw.

In his presentation at Black Hat, security researcher Craig Heffner detailed how an external attacker could gain full control of a user’s router and use that to gain access to the internal local area network (LAN). Though the implications are ominous, Heffner, also detailed a variety of steps users can take to protect themselves.

Foremay has introduced a 1TB 2.5? SATA solid-state drive alongside the industry-leading 2TB 3.5? SATA SSD, as the company expects to see an increased demand in SSD products for the enterprise.

The EC188 M-series model-V includes 200 MB/s read/write speeds, and can be used in the enterprise and workstation PCs.

Ideally, enterprise users will be able to utilize the EC188 M-series model-V, as it includes support for Microsoft Windows, Mac, several versions of Linux, OpenSolaris, Solaris, FreeBSD, HP-UX, Unix, and other operating systems…. Continues

Stopping SSH Brute Force attacks with PF on FreeBSD

Most people know that port 22 is used for SSH communication and due to this common knowledge, you get people using scripts to test for weak passwords. If you look into your /var/log/auth.log and you see tons of fails/errors from users not on your system or from invalid passwords for root, it means you have people trying to break into your system. Truthfully, anyone that puts a system online with port 22 open will see this happen to them. It’s quite common and not direct attack against you, just scripts looking for IPs with port 22 open.

Now it goes without saying that you should make sure you have a strong password that take use of numbers, upper and low case letters and symbols. Doing this will go along way in preventing someone from breaking into your system. You should also ensure that people can’t remotely log in as root by making sure that you have ‘PermitRootLogin’ set to ‘no’ in your /etc/ssh/sshd_config file. This will ensure that no mater how many passwords they try for root they will never be able to log in.

Now you could just set your SSH server to run on a different port or have your firewall redirect a different port from the outside to the system, but what’s the fun in that when you can use a great tool like PF.